aspera-cli 4.4.0 → 4.7.0

data/lib/aspera/oauth.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'aspera/open_application'
 require 'aspera/web_auth'
 require 'aspera/id_generator'
@@ -11,14 +12,17 @@ module Aspera
   # call get_authorization() to get a token.
   # bearer tokens are kept in memory and also in a file cache for later re-use
   # if a token is expired (api returns 4xx), call again get_authorization({refresh: true})
+  # https://tools.ietf.org/html/rfc6749
   class Oauth
-    # used for code exchange
-    DEFAULT_PATH_AUTHORIZE='authorize'
-    # to generate token
-    DEFAULT_PATH_TOKEN='token'
-    # field with token in result
-    DEFAULT_TOKEN_FIELD='access_token'
-    private
+    DEFAULT_CREATE_PARAMS={
+      token_field:    'access_token', # field with token in result
+      path_token:     'token', # default endpoint for /token to generate token
+      web:            {path_authorize: 'authorize'} # default endpoint for /authorize, used for code exchange
+    }.freeze
+
+    # OAuth methods supported by default
+    STD_AUTH_TYPES=[:web, :jwt].freeze
+
     # remove 5 minutes to account for time offset (TODO: configurable?)
     JWT_NOTBEFORE_OFFSET_SEC=300
     # one hour validity (TODO: configurable?)
@@ -27,184 +31,237 @@ module Aspera
     TOKEN_CACHE_EXPIRY_SEC=1800
     # a prefix for persistency of tokens (garbage collect)
     PERSIST_CATEGORY_TOKEN='token'
-    ONE_HOUR_AS_DAY_FRACTION=Rational(1,24)
+    TOKEN_EXPIRATION_GUARD_SEC=120
 
-    private_constant :JWT_NOTBEFORE_OFFSET_SEC,:JWT_EXPIRY_OFFSET_SEC,:PERSIST_CATEGORY_TOKEN,:TOKEN_CACHE_EXPIRY_SEC,:ONE_HOUR_AS_DAY_FRACTION
-    class << self
-      # OAuth methods supported
-      def auth_types
-        [ :body_userpass, :header_userpass, :web, :jwt, :url_token, :ibm_apikey ]
-      end
+    private_constant :JWT_NOTBEFORE_OFFSET_SEC,:JWT_EXPIRY_OFFSET_SEC,:TOKEN_CACHE_EXPIRY_SEC,:PERSIST_CATEGORY_TOKEN,:TOKEN_EXPIRATION_GUARD_SEC
 
+    # persistency manager
+    @persist=nil
+    # token creation methods
+    @handlers={}
+    # token unique identifiers from oauth parameters
+    @id_elements=[
+      [:crtype],
+      [:generic,:grant_type],
+      [:jwt,:payload,:sub],
+      [:auth,:username],
+      [:aoc_pub_link,:json,:url_token],
+      [:generic,:apikey],
+      [:scope],
+      [:generic,:response_type]
+    ]
+
+    class << self
       def persist_mgr=(manager)
         @persist=manager
+        # cleanup expired tokens
+        @persist.garbage_collect(PERSIST_CATEGORY_TOKEN,TOKEN_CACHE_EXPIRY_SEC)
       end
 
       def persist_mgr
         if @persist.nil?
-          Log.log.warn('Not using persistency (use Aspera::Oauth.persist_mgr=Aspera::PersistencyFolder.new)')
+          Log.log.debug('Not using persistency') # (use Aspera::Oauth.persist_mgr=Aspera::PersistencyFolder.new)
           # create NULL persistency class
           @persist=Class.new do
-            def get(x);nil;end;def delete(x);nil;end;def put(x,y);nil;end;def garbage_collect(x,y);nil;end
+            def get(_x);nil;end;def delete(_x);nil;end;def put(_x,_y);nil;end;def garbage_collect(_x,_y);nil;end # rubocop:disable Layout/EmptyLineBetweenDefs
           end.new
         end
         return @persist
       end
 
+      # delete all existing tokens
       def flush_tokens
         persist_mgr.garbage_collect(PERSIST_CATEGORY_TOKEN,nil)
       end
 
+      # register a bearer token decoder, mainly to inspect expiry date
       def register_decoder(method)
         @decoders||=[]
         @decoders.push(method)
       end
 
+      # decode token using all registered decoders
       def decode_token(token)
-        Log.log.debug(">>>> #{token} : #{@decoders.length}")
         @decoders.each do |decoder|
           result=decoder.call(token) rescue nil
           return result unless result.nil?
         end
         return nil
       end
-    end
 
-    # seems to be quite standard token encoding (RFC?)
-    self.register_decoder lambda { |token| parts=token.split('.'); raise "not aoc token" unless parts.length.eql?(3); JSON.parse(Base64.decode64(parts[1]))}
+      # register a token creation method, specify using field :crtype in constructor
+      def register_token_creator(id, method)
+        raise 'error' unless id.is_a?(Symbol) && method.is_a?(Proc)
+        @handlers[id]=method
+      end
 
-    # for supported parameters, look in the code for @params
-    # parameters are provided all with oauth_ prefix :
-    # :base_url
-    # :client_id
-    # :client_secret
-    # :redirect_uri
-    # :jwt_audience
-    # :jwt_private_key_obj
-    # :jwt_subject
-    # :path_authorize (default: DEFAULT_PATH_AUTHORIZE)
-    # :path_token (default: DEFAULT_PATH_TOKEN)
-    # :scope (optional)
-    # :grant (one of returned by self.auth_types)
-    # :url_token
-    # :user_name
-    # :user_pass
-    # :token_type
-    def initialize(auth_params)
-      Log.log.debug("auth=#{auth_params}")
-      @params=auth_params.clone
-      # default values
-      # name of field to take as token from result of call to /token
-      @params[:token_field]||=DEFAULT_TOKEN_FIELD
-      # default endpoint for /token
-      @params[:path_token]||=DEFAULT_PATH_TOKEN
-      # default endpoint for /authorize
-      @params[:path_authorize]||=DEFAULT_PATH_AUTHORIZE
-      rest_params={base_url: @params[:base_url]}
-      if @params.has_key?(:client_id)
-        rest_params.merge!({auth: {
-          type:     :basic,
-          username: @params[:client_id],
-          password: @params[:client_secret]
-          }})
+      # @return one of the registered creators for the given create type
+      def token_creator(id)
+        raise "token create type unknown: #{id}/#{id.class}" unless @handlers.has_key?(id)
+        @handlers[id]
       end
-      @token_auth_api=Rest.new(rest_params)
-      if @params.has_key?(:redirect_uri)
-        uri=URI.parse(@params[:redirect_uri])
-        raise "redirect_uri scheme must be http" unless uri.scheme.start_with?('http')
-        raise "redirect_uri must have a port" if uri.port.nil?
-        # we could check that host is localhost or local address
+
+      # list of identifiers foundn in creation parameters that can be used to uniquely identify the token
+      def id_elements
+        return @id_elements
       end
-      # cleanup expired tokens
-      self.class.persist_mgr.garbage_collect(PERSIST_CATEGORY_TOKEN,TOKEN_CACHE_EXPIRY_SEC)
-    end
+    end # self
+
+    # JSON Web Signature (JWS) compact serialization: https://datatracker.ietf.org/doc/html/rfc7515
+    register_decoder lambda { |token| parts=token.split('.'); raise 'not aoc token' unless parts.length.eql?(3); JSON.parse(Base64.decode64(parts[1]))}
 
-    # open the login page, wait for code and check_code, then return code
-    def goto_page_and_get_code(login_page_url,check_code)
+    # generic token creation, parameters are provided in :generic
+    register_token_creator :generic,lambda { |oauth|
+      return oauth.create_token(oauth.params[:generic])
+    }
+
+    # Authentication using Web browser
+    register_token_creator :web,lambda { |oauth|
+      callback_verif=SecureRandom.uuid # used to check later
+      login_page_url=Rest.build_uri("#{oauth.params[:base_url]}/#{oauth.params[:web][:path_authorize]}",optional_scope_client_id({response_type: 'code', redirect_uri: oauth.params[:web][:redirect_uri], state: callback_verif}))
+      # here, we need a human to authorize on a web page
       Log.log.info("login_page_url=#{login_page_url}".bg_red.gray)
       # start a web server to receive request code
-      webserver=WebAuth.new(@params[:redirect_uri])
+      webserver=WebAuth.new(oauth.params[:web][:redirect_uri])
       # start browser on login page
       OpenApplication.instance.uri(login_page_url)
       # wait for code in request
-      request_params=webserver.get_request
-      Log.log.error("state does not match") if !check_code.eql?(request_params['state'])
-      code=request_params['code']
-      return code
-    end
+      received_params=webserver.received_request
+      raise 'state does not match' if !callback_verif.eql?(received_params['state'])
+      # exchange code for token
+      return oauth.create_token(oauth.optional_scope_client_id({grant_type: 'authorization_code', code: received_params['code'], redirect_uri: oauth.params[:web][:redirect_uri]},add_secret: true))
+    }
 
-    def create_token(rest_params)
-      return @token_auth_api.call({
-        operation: 'POST',
-        subpath:   @params[:path_token],
-        headers:   {'Accept'=>'application/json'}}.merge(rest_params))
+    # Authentication using private key
+    register_token_creator :jwt,lambda { |oauth|
+      # https://tools.ietf.org/html/rfc7523
+      # https://tools.ietf.org/html/rfc7519
+      require 'jwt'
+      seconds_since_epoch=Time.new.to_i
+      Log.log.info("seconds=#{seconds_since_epoch}")
+      raise 'missing JWT payload' unless oauth.params[:jwt][:payload].is_a?(Hash)
+      jwt_payload = {
+        exp: seconds_since_epoch+JWT_EXPIRY_OFFSET_SEC, # expiration time
+        nbf: seconds_since_epoch-JWT_NOTBEFORE_OFFSET_SEC, # not before
+        iat: seconds_since_epoch, # issued at
+        jti: SecureRandom.uuid # JWT id
+      }.merge(oauth.params[:jwt][:payload])
+      Log.log.debug("JWT jwt_payload=[#{jwt_payload}]")
+      rsa_private=oauth.params[:jwt][:private_key_obj] # type: OpenSSL::PKey::RSA
+      Log.log.debug("private=[#{rsa_private}]")
+      assertion = JWT.encode(jwt_payload, rsa_private, 'RS256', oauth.params[:jwt][:headers]||{})
+      Log.log.debug("assertion=[#{assertion}]")
+      return oauth.create_token(oauth.optional_scope_client_id({grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer', assertion: assertion}))
+    }
+
+    attr_reader :params, :token_auth_api
+
+    private
+
+    # [M]=mandatory [D]=has default value [0]=accept nil
+    # :base_url            [M]  URL of authentication API
+    # :auth
+    # :crtype              [M]  :generic, :web, :jwt, custom
+    # :client_id           [0]
+    # :client_secret       [0]
+    # :scope               [0]
+    # :path_token          [D]  API end point to create a token
+    # :token_field         [D]  field in result that contains the token
+    # :jwt:private_key_obj [M] for type :jwt
+    # :jwt:payload         [M] for type :jwt
+    # :jwt:headers         [0] for type :jwt
+    # :web:redirect_uri    [M] for type :web
+    # :web:path_authorize  [D] for type :web
+    # :generic             [M] for type :generic
+    def initialize(a_params)
+      Log.log.debug("auth=#{a_params}")
+      # replace default values
+      @params=DEFAULT_CREATE_PARAMS.clone.deep_merge(a_params)
+      if @params.has_key?(:redirect_uri)
+        uri=URI.parse(@params[:web][:redirect_uri])
+        raise 'redirect_uri scheme must be http or https' unless ['http','https'].include?(uri.scheme)
+        raise 'redirect_uri must have a port' if uri.port.nil?
+        # TODO: we could check that host is localhost or local address
+      end
+      rest_params={base_url: @params[:base_url]}
+      rest_params[:auth]=a_params[:auth] if a_params.has_key?(:auth)
+      @token_auth_api=Rest.new(rest_params)
     end
 
     # @return unique identifier of token
-    def token_cache_id(api_scope)
-      oauth_uri=URI.parse(@params[:base_url])
-      parts=[PERSIST_CATEGORY_TOKEN,api_scope,oauth_uri.host,oauth_uri.path]
-      # add some of the parameters that uniquely define the token
-      [:grant,:jwt_subject,:user_name,:url_token,:api_key].inject(parts){|p,i|p.push(@params[i])}
+    # TODO: external handlers shall provide unique identifiers
+    def token_cache_id
+      parts=[PERSIST_CATEGORY_TOKEN,@params[:base_url]]
+      # add some of the parameters that uniquely identify the token
+      self.class.id_elements.each do |p|
+        identifier=@params.dig(*p)
+        identifier=identifier.split(':').last if identifier.is_a?(String) && p.last.eql?(:grant_type)
+        parts.push(identifier) unless identifier.nil?
+      end
       return IdGenerator.from_list(parts)
     end
 
     public
 
-    # used to change parameter, such as scope
-    attr_reader :params
+    # helper method to create token as per RFC
+    def create_token(www_params)
+      return @token_auth_api.call({
+        operation:       'POST',
+        subpath:         @params[:path_token],
+        headers:         {'Accept'=>'application/json'},
+        www_body_params: www_params})
+    end
 
-    # @param options : :scope and :refresh
-    def get_authorization(options={})
-      # api scope can be overriden to get auth for other scope
-      api_scope=options[:scope] || @params[:scope]
-      # as it is optional in many place: create struct
-      p_scope={}
-      p_scope[:scope] = api_scope unless api_scope.nil?
-      p_client_id_and_scope=p_scope.clone
-      p_client_id_and_scope[:client_id] = @params[:client_id] if @params.has_key?(:client_id)
-      use_refresh_token=options[:refresh]
+    # helper method
+    def optional_scope_client_id(call_params, add_secret: false)
+      call_params[:scope] = @params[:scope] unless @params[:scope].nil?
+      call_params[:client_id] = @params[:client_id] unless @params[:client_id].nil?
+      call_params[:client_secret] = @params[:client_secret] if add_secret && !@params[:client_id].nil?
+      return call_params
+    end
 
-      # generate token identifier to use with cache
-      token_id=token_cache_id(api_scope)
+    # Oauth v2 token generation
+    # @param use_refresh_token set to true to force refresh or re-generation (if previous failed)
+    def get_authorization(use_refresh_token: false)
+      # generate token unique identifier for persistency (memory/disk cache)
+      token_id=token_cache_id
 
       # get token_data from cache (or nil), token_data is what is returned by /token
       token_data=self.class.persist_mgr.get(token_id)
       token_data=JSON.parse(token_data) unless token_data.nil?
-      # Optional optimization: check if node token is expired, then force refresh
-      # in case the transfer agent cannot refresh himself
-      # else, anyway, faspmanager is equipped with refresh code
-      if !token_data.nil?
-        # TODO: use @params[:token_field] ?
-        decoded_node_token = self.class.decode_token(token_data['access_token'])
-        Log.dump('decoded_node_token',decoded_node_token) unless decoded_node_token.nil?
-        if decoded_node_token.is_a?(Hash) and decoded_node_token['expires_at'].is_a?(String)
-          expires_at=DateTime.parse(decoded_node_token['expires_at'])
-          # Time.at(decoded_node_token['exp'])
-          # does it seem expired, with one hour of security
-          use_refresh_token=true if DateTime.now > (expires_at-ONE_HOUR_AS_DAY_FRACTION)
+      # Optional optimization: check if node token is expired  basd on decoded content then force refresh if close enough
+      # might help in case the transfer agent cannot refresh himself
+      # `direct` agent is equipped with refresh code
+      if !use_refresh_token && !token_data.nil?
+        decoded_token = self.class.decode_token(token_data[@params[:token_field]])
+        Log.dump('decoded_token',decoded_token) unless decoded_token.nil?
+        if decoded_token.is_a?(Hash)
+          expires_at_sec=
+          if    decoded_token['expires_at'].is_a?(String) then DateTime.parse(decoded_token['expires_at']).to_time
+          elsif decoded_token['exp'].is_a?(Integer)       then Time.at(decoded_token['exp'])
+          end
+          # force refresh if we see a token too close from expiration
+          use_refresh_token=true if expires_at_sec.is_a?(Time) && (expires_at_sec-Time.now) < TOKEN_EXPIRATION_GUARD_SEC
+          Log.log.debug("Expiration: #{expires_at_sec} / #{use_refresh_token}")
         end
       end
 
       # an API was already called, but failed, we need to regenerate or refresh
       if use_refresh_token
-        if token_data.is_a?(Hash) and token_data.has_key?('refresh_token')
+        if token_data.is_a?(Hash) && token_data.has_key?('refresh_token')
           # save possible refresh token, before deleting the cache
           refresh_token=token_data['refresh_token']
         end
-        # delete caches
+        # delete cache
         self.class.persist_mgr.delete(token_id)
         token_data=nil
         # lets try the existing refresh token
         if !refresh_token.nil?
           Log.log.info("refresh=[#{refresh_token}]".bg_green)
           # try to refresh
-          # note: admin token has no refresh, and lives by default 1800secs
-          # Note: scope is mandatory in Files, and we can either provide basic auth, or client_Secret in data
-          resp=create_token(www_body_params: p_client_id_and_scope.merge({
-            grant_type:    'refresh_token',
-            refresh_token: refresh_token}))
-          if resp[:http].code.start_with?('2') then
+          # note: AoC admin token has no refresh, and lives by default 1800secs
+          resp=create_token(optional_scope_client_id({grant_type: 'refresh_token',refresh_token: refresh_token}))
+          if resp[:http].code.start_with?('2')
             # save only if success
             json_data=resp[:http].body
             token_data=JSON.parse(json_data)
@@ -215,116 +272,9 @@ module Aspera
         end
       end
 
-      # no cache
-      if token_data.nil? then
-        resp=nil
-        case @params[:grant]
-        when :web
-          # AoC Web based Auth
-          check_code=SecureRandom.uuid
-          auth_params=p_client_id_and_scope.merge({
-            response_type: 'code',
-            redirect_uri:  @params[:redirect_uri],
-            state:         check_code
-          })
-          auth_params[:client_secret]=@params[:client_secret] if @params.has_key?(:client_secret)
-          login_page_url=Rest.build_uri("#{@params[:base_url]}/#{@params[:path_authorize]}",auth_params)
-          # here, we need a human to authorize on a web page
-          code=goto_page_and_get_code(login_page_url,check_code)
-          # exchange code for token
-          resp=create_token(www_body_params: p_client_id_and_scope.merge({
-            grant_type:   'authorization_code',
-            code:         code,
-            redirect_uri: @params[:redirect_uri]
-          }))
-        when :jwt
-          # https://tools.ietf.org/html/rfc7519
-          # https://tools.ietf.org/html/rfc7523
-          require 'jwt'
-          seconds_since_epoch=Time.new.to_i
-          Log.log.info("seconds=#{seconds_since_epoch}")
-
-          payload = {
-            iss: @params[:client_id],    # issuer
-            sub: @params[:jwt_subject],  # subject
-            aud: @params[:jwt_audience], # audience
-            nbf: seconds_since_epoch-JWT_NOTBEFORE_OFFSET_SEC, # not before
-            exp: seconds_since_epoch+JWT_EXPIRY_OFFSET_SEC # expiration
-          }
-          # Hum.. compliant ? TODO: remove when Faspex5 API is clarified
-          if @params.has_key?(:f5_username)
-            payload[:jti] = SecureRandom.uuid # JWT id
-            payload[:iat] = seconds_since_epoch # issued at
-            payload.delete(:nbf) # not used in f5
-            p_scope[:redirect_uri]="https://127.0.0.1:5000/token" # used ?
-            p_scope[:state]=SecureRandom.uuid
-            p_scope[:client_id]=@params[:client_id]
-            @token_auth_api.params[:auth]={type: :basic,username: @params[:f5_username], password: @params[:f5_password]}
-          end
-
-          # non standard, only for global ids
-          payload.merge!(@params[:jwt_add]) if @params.has_key?(:jwt_add)
-          Log.log.debug("JWT payload=[#{payload}]")
-
-          rsa_private=@params[:jwt_private_key_obj]  # type: OpenSSL::PKey::RSA
-          Log.log.debug("private=[#{rsa_private}]")
-
-          assertion = JWT.encode(payload, rsa_private, 'RS256', @params[:jwt_headers]||{})
-          Log.log.debug("assertion=[#{assertion}]")
-
-          resp=create_token(www_body_params: p_scope.merge({
-            grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
-            assertion:  assertion
-          }))
-        when :url_token
-          # AoC Public Link
-          params={url_token: @params[:url_token]}
-          params[:password]=@params[:password] if @params.has_key?(:password)
-          resp=create_token({
-            json_params: params,
-            url_params:  p_scope.merge({grant_type: 'url_token'})
-          })
-        when :ibm_apikey
-          # ATS
-          resp=create_token(www_body_params: {
-            grant_type:    'urn:ibm:params:oauth:grant-type:apikey',
-            response_type: 'cloud_iam',
-            apikey:        @params[:api_key]
-          })
-        when :delegated_refresh
-          # COS
-          resp=create_token(www_body_params: {
-            grant_type:          'urn:ibm:params:oauth:grant-type:apikey',
-            response_type:       'delegated_refresh_token',
-            apikey:              @params[:api_key],
-            receiver_client_ids: 'aspera_ats'
-          })
-        when :header_userpass
-          # used in Faspex apiv4 and shares2
-          resp=create_token(
-          json_params: p_client_id_and_scope.merge({grant_type: 'password'}), #:www_body_params also works
-          auth:        {
-            type:     :basic,
-            username: @params[:user_name],
-            password: @params[:user_pass]}
-          )
-        when :body_userpass
-          # legacy, not used
-          resp=create_token(www_body_params: p_client_id_and_scope.merge({
-            grant_type: 'password',
-            username:   @params[:user_name],
-            password:   @params[:user_pass]
-          }))
-        when :body_data
-          # used in Faspex apiv5
-          resp=create_token({
-            auth:        {type: :none},
-            json_params: @params[:userpass_body],
-          })
-        else
-          raise "auth grant type unknown: #{@params[:grant]}"
-        end
-        # TODO: test return code ?
+      # no cache, nor refresh: generate a token
+      if token_data.nil?
+        resp=self.class.token_creator(@params[:crtype]).call(self)
         json_data=resp[:http].body
         token_data=JSON.parse(json_data)
         self.class.persist_mgr.put(token_id,json_data)
@@ -333,6 +283,5 @@ module Aspera
       # ok we shall have a token here
       return 'Bearer '+token_data[@params[:token_field]]
     end
-
   end # OAuth
 end # Aspera

data/lib/aspera/open_application.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'aspera/log'
 require 'aspera/environment'
 require 'rbconfig'
@@ -10,12 +11,12 @@ module Aspera
   class OpenApplication
     include Singleton
     # User Interfaces
-    def self.user_interfaces; [ :text, :graphical ]; end
+    def self.user_interfaces; [:text, :graphical]; end
 
     def self.default_gui_mode
       return :graphical if [Aspera::Environment::OS_WINDOWS,Aspera::Environment::OS_X].include?(Aspera::Environment.os)
       # unix family
-      return :graphical if ENV.has_key?("DISPLAY") and !ENV["DISPLAY"].empty?
+      return :graphical if ENV.has_key?('DISPLAY') && !ENV['DISPLAY'].empty?
       return :text
     end
 
@@ -27,7 +28,7 @@ module Aspera
       when Aspera::Environment::OS_WINDOWS
         return system('start explorer "'+uri.to_s+'"')
       when Aspera::Environment::OS_LINUX
-        return system("xdg-open '#{uri.to_s}'")
+        return system("xdg-open '#{uri}'")
       else
         raise "no graphical open method for #{Aspera::Environment.os}"
       end

data/lib/aspera/persistency_action_once.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'json'
 require 'aspera/log'
 
@@ -13,11 +14,11 @@ module Aspera
     # @param :merge    Optional  merge data from file to current data
     def initialize(options)
       Log.log.debug("persistency: #{options}")
-      raise "options shall be Hash" unless options.is_a?(Hash)
-      raise "mandatory :manager" if options[:manager].nil?
-      raise "mandatory :data" if options[:data].nil?
-      raise "mandatory :id (String)" unless options[:id].is_a?(String)
-      raise "mandatory 1 element in :id" unless options[:id].length >= 1
+      raise 'options shall be Hash' unless options.is_a?(Hash)
+      raise 'mandatory :manager' if options[:manager].nil?
+      raise 'mandatory :data' if options[:data].nil?
+      raise 'mandatory :id (String)' unless options[:id].is_a?(String)
+      raise 'mandatory 1 element in :id' unless options[:id].length >= 1
       @manager=options[:manager]
       @persisted_object=options[:data]
       @object_id=options[:id]
@@ -41,6 +42,5 @@ module Aspera
     def data
       return @persisted_object
     end
-
   end
 end

data/lib/aspera/persistency_folder.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'fileutils'
 require 'aspera/log'
 
@@ -10,10 +11,6 @@ module Aspera
     private_constant :FILE_SUFFIX
     def initialize(folder)
       @cache={}
-      set_folder(folder)
-    end
-
-    def set_folder(folder)
       @folder=folder
       Log.log.debug("persistency folder: #{@folder}")
     end
@@ -22,12 +19,12 @@ module Aspera
     def get(object_id)
       Log.log.debug("persistency get: #{object_id}")
       if @cache.has_key?(object_id)
-        Log.log.debug("got from memory cache")
+        Log.log.debug('got from memory cache')
       else
         persist_filepath=id_to_filepath(object_id)
         Log.log.debug("persistency = #{persist_filepath}")
         if File.exist?(persist_filepath)
-          Log.log.debug("got from file cache")
+          Log.log.debug('got from file cache')
           @cache[object_id]=File.read(persist_filepath)
         end
       end
@@ -35,7 +32,7 @@ module Aspera
     end
 
     def put(object_id,value)
-      raise "value: only String supported" unless value.is_a?(String)
+      raise 'value: only String supported' unless value.is_a?(String)
       persist_filepath=id_to_filepath(object_id)
       Log.log.debug("persistency saving: #{persist_filepath}")
       File.write(persist_filepath,value)
@@ -66,11 +63,10 @@ module Aspera
 
     # @param object_id String or Array
     def id_to_filepath(object_id)
-      raise "object_id: only String supported" unless object_id.is_a?(String)
+      raise 'object_id: only String supported' unless object_id.is_a?(String)
       FileUtils.mkdir_p(@folder)
       return File.join(@folder,"#{object_id}#{FILE_SUFFIX}")
       #.gsub(/[^a-z]+/,FILE_FIELD_SEPARATOR)
     end
-
   end # PersistencyFolder
 end # Aspera

data/lib/aspera/preview/file_types.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'aspera/log'
 require 'singleton'
 
@@ -305,15 +306,15 @@ module Aspera
       def conversion_type(filepath,mimetype)
         Log.log.debug("conversion_type(#{filepath},m=#{mimetype},t=#{@use_mimemagic})")
         # 1- get type from provided mime type, using local mapping
-        conv_type=SUPPORTED_MIME_TYPES[mimetype] if ! mimetype.nil?
+        conv_type=SUPPORTED_MIME_TYPES[mimetype] if !mimetype.nil?
         # 2- else, from computed mime type (if available)
-        if conv_type.nil? and @use_mimemagic
+        if conv_type.nil? && @use_mimemagic
           detected_mime=mime_from_file(filepath)
-          if ! detected_mime.nil?
+          if !detected_mime.nil?
             conv_type=SUPPORTED_MIME_TYPES[detected_mime]
-            if ! mimetype.nil?
+            if !mimetype.nil?
               if mimetype.eql?(detected_mime)
-                Log.log.debug("matching mime type per magic number")
+                Log.log.debug('matching mime type per magic number')
               else
                 # note: detected can be nil
                 Log.log.debug("non matching mime types: node=[#{mimetype}], magic=[#{detected_mime}]")